Traditionally, such an update is performed either by transferring files (i.e., data sets) stored on mobile storage peripherals, such as hard drives, USB (Universal Serial Bus) drives or laptop computers, or by sending data via communication links, such as radio communication links.
The integrity of such an operation to update data onboard a piece of avionics equipment is critical with respect to flight safety and the proper progression of navigation operations. To ensure such integrity, solutions are implemented that apply a cryptographic hash function to the update files; the result is called a message digest, hash value, or digital imprint.
One example of this type of solution is described in particular in document US 2013/036103 A1.
According to this document, the update is validated by comparing a computed message digest with a reference message digest previously stored in an integrity module of the aircraft.
However, this solution implemented within the aircraft proves ineffective when an ill-intentioned third party manages to penetrate the update system of the aircraft. Furthermore, this solution requires a prior and recurring update of the reference message digests stored within the integrity module of the aircraft, these reference message digests in turn being data files whose integrity must be protected within the aircraft.
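The following added example (not taken from the cited document or from this text) models the digest comparison described above and the limitation just noted: the check holds only while the onboard reference store is itself intact. The class `IntegrityModule`, the data set names, the sample contents and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import hmac


def digest(data: bytes) -> str:
    """Message digest of an update file (SHA-256 chosen for this example)."""
    return hashlib.sha256(data).hexdigest()


class IntegrityModule:
    """Hypothetical onboard store of reference digests, one per data set."""

    def __init__(self) -> None:
        self._refs = {}

    def store_reference(self, name: str, ref_digest: str) -> None:
        # The recurring update of reference digests that the text mentions.
        self._refs[name] = ref_digest

    def validate(self, name: str, data: bytes) -> bool:
        ref = self._refs.get(name)
        if ref is None:
            return False  # no reference on board: reject rather than accept
        return hmac.compare_digest(ref, digest(data))


def run_scenarios() -> dict:
    genuine = b"NAVDB cycle A (constructed sample data set)"
    altered = b"NAVDB cycle A (constructed sample data set, modified)"
    module = IntegrityModule()
    module.store_reference("navdb", digest(genuine))
    results = {
        "genuine": module.validate("navdb", genuine),
        "altered_file_only": module.validate("navdb", altered),
        "unknown_data_set": module.validate("terrain", genuine),
    }
    # Same check once the reference store itself has been rewritten: the
    # comparison has no anchor outside the system it is meant to protect.
    module.store_reference("navdb", digest(altered))
    results["altered_file_and_reference"] = module.validate("navdb", altered)
    results["genuine_after_rewrite"] = module.validate("navdb", genuine)
    return results


if __name__ == "__main__":
    for scenario, accepted in run_scenarios().items():
        print(f"{scenario:28s} accepted={accepted}")
```

The last two scenarios show why the reference digests are themselves data whose integrity must be protected: once they change, the altered data set validates and the genuine one is rejected.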
To resolve this, solutions based on an electronic signature, combining the aforementioned message digest technique with encryption by asymmetric key exchange, have been proposed.
Nevertheless, these solutions are logistically complex to implement, because the encryption assumes the distribution of public keys to the aircraft on the one hand and of private keys to the equipment manufacturers delivering the updates to be installed on the other, as well as the management over time of the validity of these keys and the associated certificates (for example, in case of verification).